Maybe you and your colleagues have scrubbed up on the tell-tale sign of a phishing email, but are you be able to spot these highly-sophisticated fraudulent emails? Let’s find out...
Not only are employee phishing scams increasing in numbers - they’re increasing in sophistication. Here, we’ve given examples of some of the most popular and most successful phishing emails out there. Take a look, share, and avoid...
1. The Fake Invoice Scam
Let’s start with arguably the most popular phishing template out there - the fake invoice technique. Like many phishing attacks, this scam relies on fear and urgency, pressuring an end user to submit a payment for goods or services they’ve never even ordered or received.
Finance departments are the obvious targets for this sort of attack, although there’s plenty of potential victims that could be duped.
2. Email Account Upgrade Scam
Faced with having your account expire unless immediate action is taken, the email account upgrade scam can come from trusted email providers like Microsoft and Google, or simply from your seemingly from your company’s IT department.
As you can see, nothing harmful stands out from this email. There’s no stand-out grammatical errors, no elaborate requests, and the link itself would appear to direct to a safe “https” web page to an unsuspecting user. A useful tip is to hover over the link itself when being asked to give personal details - as the text itself often doesn’t represent the true destination of the link.
3. Nigerian Scam
Perhaps receiving an email from a ‘Nigerian Prince’ begging for your help in recovering a trapped chunk of money is a laughable excuse of an elaborate story. But don’t be fooled, this scam has been around for a while, and there’s a good reason - it works.
In the email, the scammer will offer you a large sum of money in exchange for your bank details. Not only will you not receive a dime from this kindly Prince, you will also see a chunk of your money go in the opposite direction.
4. Google Doc Scam
One of the most recent high-profile phishing techniques, the Google Docs scam offers an extra sinister twist as the sender can often appear to be someone you know.
This ultra-sophisticated email encourages you to click on its link in order to view a ‘document’, which then takes you to an almost identical version of Gmail’s login page. Once an account has been selected, you’re then invited to grant access to your Google account, meaning the attacker has free rein.
5. PayPal Scam
With around 200 million users, PayPal is an incredibly lucrative tool for a cyber criminal. As well as its high volume of accounts, PayPal offers fraudsters the chance to take advantage of a platform linked directly to your credit card or bank account.
These emails often include the PayPal logo, plus a convincing chunk of fine print at the bottom of the email. Again, this scam tries to enforce panic mode into its victims, often with a “There’s a problem with your account, please click here to fix it” kind of message. Beware, they also contain legitimate-looking fine print.
6. Message From HR Scam
We all (hopefully) trust our HR team, especially when it comes to receiving highly important emails relating to company-wide or personal updates. The problem is, cyber criminals, know just how much trust we place in our HR colleagues.
A HR email scam often contains a malicious attachment or link that, once clicked, will install malicious software onto your computer or device. Encourage colleagues to ask the HR sender directly whether a request for personal information is legitimate before pressing send.
7. Dropbox Scam
The same old story of encouraging users to click a link, yet a whole new platform to utilise. Dropbox, the online sharing and storage platform, has grown massively in popularity over recent years - and so too has their fraudulent copycats.
The Dropbox phishing email usually works by informing a user that the ‘file’ which has been emailed to them is too large, and needs to be opened with a quick “click on this link”. You’ve probably guessed by now that a fake Dropbox landing page is waiting… and you’d be right. What you might not have guessed is that this page can actually be located within Dropbox itself - waiting patiently to harvest your details.
8.The Council Tax Scam
The council tax scam is a particularly frustrating attack, as it can use a variety of clever messages that convince you to part ways with your details.
From the UK Gov website, here are a few more examples of what a fraudulent tax
email may contain:
- It insists you’re in the wrong Council Tax band and are owed back payments on your Council Tax bill, when in fact your band is correct;
- It says they’re from the local council or Valuation Office Agency (VOA) and ask for your bank details so they can provide a refund;
- Claim that the VOA charges you to challenge your Council Tax band;
- Claims that taxpayers must, by law, be represented by an agent to challenge their band.
End users are encouraged to click the link inside the email, in order to be directed to a legitimate page (i.e., Microsoft) where they are quickly able to update their password. But, any credentials entered into this page will be sent straight to the cyber criminals at hand.
9.Unusual Activity Scam
When receiving an email or text stating that there has been “suspicious activity on your account”, alarm bells start ringing at full pace. That’s why this scam works so well for scammers, as victims aren’t just faced with urgency and panic - they’re also faced with confusion.
This is just one example of where an unusual activity scam can come from. Any app, website or platform - whether it be your bank or even your Instagram account - can be used by an attacker for this damaging technique.
Knowing what a phishing scam looks like is good, but not good enough
So, now you've seen some of the most popular examples of phishing templates out there - but more needs to be done to truly protect businesses and users from falling victim to ever-growing and ever-increasing campaigns. Raising employee awareness on not only what the most popular scams look like, but also how to spot the less obvious signs, how to report a scam, and how to avoid giving away valuable information that helps an attacker is key.